After the partial data of the cyberattack on Phone House by Babuk, those responsible for a ransomware of the same name, was released days ago, the remaining files have been posted on the Dark Web, after the company did not pay the ransom. According to the authors of the cyberattack, with this new publication 113 GB of data corresponding to 13 million customers have risen, according to the attackers.
As we already told before, The filtered data contains information as sensitive as customer identifiers, name and surname, ID, some passports, emails (many of them repeated and considered false), mobile phone numbers, landlines, date of birth, nationality, physical addresses, postal codes, provinces, cities, etc.
More data to add to 'Have I been pwned?'
After the first leak, Troy Hunt, responsible for 'Have i been pwned?', Added to his database 5,223,350 emails of the attack, although as we verified, the filtered phones still did not appear in his search engine (which after the leak of Facebook, now also allows to enter them beyond the email addresses). The attackers now speak of 13 million customers, so it will be necessary to see if the number of entries recognized by 'Have I been pwned?' Will soon be updated.
One of the last uploaded files includes ID, name, surname and Up to the account number of more than 2.6 million people with insurance contracted at The Phone HouseIt must be remembered that many mobile insurance were processed in their stores, which provides even more data than those provided by ordinary customers.
Individually, there are 9.6 GB, 7.0 GB or 10 GB .DMP files for data management. Phone House, so many days after the cyberattack was made public, still does not make any statements or inform the media about this problem. According to the law, the company would have to have notified the AEPD within 72 hours after learning of the data breach. Later, he should have informed the affected customers. For now, we are still waiting.